
Dell SecureWorks, an industry leader in information security services, has recently discovered several underground marketplaces where hackers are selling information packages containing "verified" health insurance credentials, bank account numbers/logins, social security numbers, and other personally identifiable information (PII) on victims. These packages of data are referred to in the underground as "fullz", an underground term for the electronic dossier on a particular individual, compiled specifically for the purpose of identity theft and fraud.

Don Jackson, senior security researcher with the SecureWorks' Counter Threat Unit™ (CTU) research team, said that when these "fullz" are sold, along with all the custom manufactured or counterfeit physical documents related to the identity data (e.g., credit cards, social security cards, driver's license, insurance cards, etc.), the packages are referred to as "kitz." The current asking price for a complete identity theft kit, containing the health insurance credentials, is in the range of $1,200 to $1,300 each.

As evidenced by Jackson's findings, a number of these marketplaces are serving as a one-stop shop for identity theft and fraud. Not only are they selling the stolen credentials, but they also sell the supporting (counterfeit) documentation (or "dox") for an extra charge. Although Jackson did not identify specifically who was behind the underground marketplaces, he does suspect that the criminals involved in one major operation were located in the United States. This was based on specific computer network information and tell-tale signs in the usage of English in electronic communications.

"Fullz" – If these records also include health insurance credentials for a US victim, then they were negotiated for about $500 each, based on what was included: full names, addresses, phone numbers, email addresses (with passwords), dates of birth, SSN or EIN, one or more of: bank account information (account & routing numbers, account type), online banking credentials (varying degrees of completeness), or credit card information (including full track2 data and any associated PINs).

Health Insurance Credentials - Health insurance credentials are $20 each. They include names (more than one for spouse & family coverage), date(s) of birth, contract number, group number, type of plan (Individual/Group, HMO/PPO, deductible and copay information), and insurer contact information for customer service and filing claims. Note: when there is a dental, vision, or chiropractic plan associated with the health plan, each of those was an additional $20.

* Some hackers' prices are based on 4% – 12% of verified current balance
** Rare items are often "parted out" or fenced separately

Bank Accounts with Attached Email Accounts – Jackson also found that credentials for bank accounts, which also included the credentials for the email account associated with the bank account, were more valuable, as the scammer can stop the victim from receiving email alerts sent by the bank, which allows a hacker to change account information and confirm back to the bank that the changes are correct.

Bank Accounts with ACH Bill Pay or Wire Transfer Features - Additional features matter in the value of an account. For example, the ability to wire transfer or ACH bill-pay brings a higher value, whereas two-factor authorization, like SMS sent to the account owner's phone to confirm wire transfers, etc., hurts the value of a stolen account.

Game Accounts – The CTU found the biggest jump in value among stolen credentials was in game accounts. There is more realized value in virtual items and currency. Steam and PSN and XBOX live linked to other accounts, multiple game titles and characters, payment information, and other services — $10/hour) or $1000+ for rare/unique top-level items. Important to "launder" stolen items through other shill characters.

"It is not surprising that we are seeing health insurance credentials being sold in the underground hacker markets, along with other financial and PPI data," said Jackson. "Our CTU researchers discover caches of stolen data frequently, and we have found that the hackers will steal anything they think they can sell on the underground. Health insurance credentials continue to rise in value as we see the cost of health insurance and the cost of medical services continue to rise."

Earlier this year, Dell SecureWorks' Incident Response Team was called into a large healthcare company to investigate a possible cyber intrusion. The security experts discovered that one of the company's computer systems had been infected with the Gatak Trojan, a credential-stealing Trojan (one that typically looks for names, addresses, credit card numbers, bank account numbers). The Incident Response Team found more than 25 additional unique versions of the malware across their network. Luckily, it was determined that the hackers had not gotten away with any protected health information (PHI), financial or PII data. However, Dell SecureWorks' experts made sure that the company's infected systems were removed from the network and cleaned or rebuilt. They also made recommendations on how the organization could fix the vulnerabilities in their network so the hackers could not reenter.

24 hours a day x 7 days a week x 365 days a year log monitoring, and Web application and network scanning

Security Intelligence around the latest threats (people working on the latest threats in real-time, human intelligence)

Encrypted email

Educating your Employees on Computer Security. A key protective measure is to educate your employees to never click on links or attachments in emails, even if they know the sender. Employees should check with the sender prior to clicking on the email links or attachments. Email and surfing the web are the two major infection vectors.